Terms and Conditions for Grants and Contributions under the Cyber Security Cooperation Program
The Minister’s authority to make transfer payments is provided for by section 6(1)(c) of the Department of Public Safety and Emergency Preparedness Act, S.C. 2005, ch.10. It provides that the Minister of Public Safety and Emergency Preparedness may, in exercising his or her powers and in performing his or her duties and functions, and with due regard to the powers conferred on the provinces and territories, make grants or contributions.
Sections 4(1)(m), (o), (p) and (q) of the Emergency Management Act assigns responsibility to the Minister for such things as promoting the adoption of standards and best practices and the conduct of research with respect to emergency management while section 6(1) assigns responsibility to the Minister to identify the risks that are within or related to his area of responsibility.
The Department of Public Safety and Emergency Preparedness’s (the Department) Cyber Security Cooperation Program (CSCP) aims to contribute to the federal government’s leadership role in advancing cyber security in Canada. By enabling close collaboration with other levels of governments, the private sector, academia, and non-governmental organizations, the CSCP’s purpose will be to commission research and yield comprehensive results that help position Canadian governments, businesses, and citizens to better anticipate trends, adapt to a changing environment, and remain on the leading edge of innovation in cyber security.
The current terms and conditions for the CSCP will be valid from the date they receive approval from the Treasury Board Secretariat until March 31, 2024.
In alignment with the goals and priorities of the new National Cyber Security Strategy (NCSS), the CSCP is comprised of the following three streams and related objectives:
- Security and Resilience: The number and complexity of cyber threats continues to increase. The goal of this stream is to incentivize research and action in the area of cyber resilience. This includes projects that aim to encourage national action to bolster the security and resilience of Canadian systems to cyber threats, and to increase the national cyber security baseline across the country. Funding will be provided for projects that enhance the capacity to prevent, mitigate, and respond to advanced cyber attacks targeting Canadian systems and institutions, and help defend critical government and private sector systems. This includes supporting activities that not only encourage and assist non-federal partners to better protect themselves, but also ensure that Canadian cyber systems are prepared for and can take advantage of rapid technological advancements.
- Cyber Innovation: Canada will need to develop innovative cyber security tools and areas of cyber specialization if it is to remain at the forefront of emerging technology and raise a new generation of connected, cyber-capable Canadians. The goal of this stream is to position Canada to take advantage of the economic benefits that can derive from innovations in the cyber security field. Funding will be provided for projects that assist Canadian governments, businesses and citizens in anticipating trends, and that address emerging threats to cyber security posed by disruptive and emerging technologies. This includes support for advanced research and development, and for projects that advance cyber security skills and knowledge in Canada.
- Effective Leadership: Canada’s success in cyber security will depend on multiple actors working together on complex and evolving issues. The goal of this stream is for the Government to demonstrate leadership and promote national coordinated action to advance cyber security knowledge, skills and innovation in Canada. Funding will be provided to support projects that enhance stakeholders’ collaboration and coordination in increasing the body of knowledge and understanding of cyber security issues, and ensure that Canadian values and interests are strengthened, preserved and defended. This includes projects that increase public awareness of cyber threats, as well as projects that begin to address the fundamental gap in available current Canadian data and metrics related to cyber security, with a view to improve decision-making.
5.0 Expected Results / Performance Measurement Strategy
The CSCP contributes to the achievement of departmental and governmental objectives of building a safe and resilient Canada, and enhancing Canada’s resilience to cyber events and incidents. It falls under section 1.1 (National Security) and section 1.1.3 (Cyber Security) of the Department’s Program Inventory.
The CSCP plays a critical role in working towards the expected outcomes and goals of the new “National Cyber Security Strategy: Canada’s Vision of Security and Prosperity in the Digital Age”. It aims to help Canada address evolving cyber threats, realize the economic benefits of cyber security and enhance national collaboration and engagement of stakeholders.
Key performance measures and indicators
The understanding of cyber vulnerabilities and threats is enhanced among stakeholders.
Percentage of stakeholders that indicate having an increased awareness of cyber threats and vulnerabilities.
Research funded through the CSCP helps to ensure that the Department’s decision making is evidence-based.
Percentage of CSCP research projects cited in National Cyber Security Directorate (NCSD) policy and guidance documents.
Non-federal Canadian systems and information are less vulnerable and better secured against cyber threats.
Percentage of stakeholders that indicate an overall improvement of their cyber security posture.
Percentage of stakeholders that indicate that they are adopting cyber best practices.
The Department will draw on the horizontal performance measurement strategy for the NCSS, to ensure that appropriate indicators are established and to promote an effective evaluation of the program.
6.0 Eligible Recipients
Grants and Contributions may be provided to the following classes of Recipients:
- Canadian not-for-profit organizations;
- Canadian academic and research institutions;
- Provincial, territorial and local governments and authorities; and,
- Canadian individual researchers and professionals.
In addition to the above list, Contributions may also be provided to the following class of Recipients:
- Canadian for-profit organizations.
7.0 Nature and Type of Eligible Initiatives or Projects
The nature and type of initiatives or projects that are considered eligible for funding must be aligned with the objectives of one of the CSCP’s three streams, as listed under Section 3.0 of the current Terms and Conditions document. They may include the following:
Potential Initiatives or Projects Eligible for Funding
Security and Resilience
8.0 Eligible Expenditures
Funds may only be used for eligible expenditures that have been identified in a budget approved by the Department. Eligible expenditures will be those that are incurred by the Recipient, are reasonable, incremental, directly related to, and required to carry out the project activities.
Eligible expenses include:
- salaries and wages for permanent or temporary professional, clerical, technical and administrative services, and stipends (including expenses for international staff);
- consultation fees, and audit fees;
- training or educational fees (e.g. courses, workshops, etc.);
- conference room and meeting room rentals;
- office equipment and minor capital acquisitions net of disposal (less than $5,000 per acquisition);
- reasonable travel and living expenses related to the delivery of the project, including transportation rental fees;
- honoraria, defined as time limited remuneration for a volunteer service or participation in project delivery that is consistent with, and essential to the attainment of, the project’s objectives;
- computer services, library expenses, research costs and collection and analysis of statistics;
- public awareness and educational activities consistent with the project’s objectives;
- translation and simultaneous interpretation activities;
- hospitality (meals and refreshments), only in the context of research projects where focus groups are undertaken;
- shipping charges, postage, licenses, and other fees; and,
- federal and provincial taxes (only after credits and reimbursements have been considered).
Other eligible expenses:
Administrative & overhead costs which may not be explicitly incurred for the purpose of the delivery of the project, but enable its achievement, could be considered as other eligible expenses. These costs may not be effectively tracked to the project. Therefore, they will be apportioned to the project based on a reasonable methodology predefined in writing by the Recipient, in the budget request submitted at the onset of the agreement. Combined, these expenses should not exceed 15% of the total eligible project costs funded by the Department.
The nature of these costs should not be covered under any of the other above categories. They may include:
- office supplies;
- distribution; and,
- capital costs, such as land, buildings, vehicles and most other major capital costs (more than $5,000 per acquisition);
- hospitality (meals, beverages or refreshments, and entertainment);*
- rent, normal utilities such as electricity, heat, water and telephone, maintenance of offices and other buildings, insurance and taxes; and,
- contributions to Employment Insurance, the Canada Pension Plan, the Workers’ Compensation Board, the Provincial Pension Plan or other Employee Benefit Plans.
*Food and refreshment may be considered eligible costs in the context of research projects where focus groups are undertaken.
9.0 Maximum Amount Payable and Period
Funding amounts will be determined based on an assessment of the Recipient’s planned activities and budget submission, previous financial performance, and capacity of the Recipient to achieve results. The CSCP’s review authorities will also take into consideration similar projects and other sources of funding. Assistance will be provided at the minimum level required to ensure the project can proceed within the proposed time, location and scope, and to further the CSCP’s objectives and expected results. Any contributions made to for-profit organizations are not intended to allow the business to generate profits or to increase the value of the business.
The maximum amount of financial assistance payable to each Recipient will be limited by the Vote appropriated for this purpose, the availability of the CSCP funds and the number of successful applicants. The maximum funding amount shall not exceed $300,000 annually per Contribution. In the case of for-profit organizations, the maximum funding amount shall not exceed $100,000 annually per Contribution. The maximum funding amount shall not exceed $150,000 annually per Grant.
Funding agreements may be in the form of multi-year funding. No project will extend beyond March 31, 2024.
10.0 Stacking Limit
The Department will ensure that contributions made under the funding program do not cover expenses already covered through another funding program or strategy. To that effect, Applicants/Recipients will be required to disclose all confirmed and potential sources of funding (governmental and non-governmental) for a proposed project, before the start and at the end of a project.
Where possible and appropriate, the cost of an eligible activity will be shared between the Department, the Recipient and/or external funders. The Department will ensure that the total Canadian government funding (federal/provincial/territorial/municipal assistance) does not exceed 75% of the total eligible expenditures.
11.0 Method of Payment
Payments will be issued in the form of instalments, unless the full amount is required in a single payment to meet the objectives of the grant.
Payments can be made up to a portion of the grant amount prior to completion of the project, as determined by an assessed level of risk.
Recipients must meet, and continue to meet, the specific Terms and Conditions of the Grant Agreement, prior to payments being made.
Payments for contributions, including advance payments, will be issued to Recipients pursuant to the provisions of the Treasury Board Policy on Transfer Payments and based on the reimbursement of eligible expenditures. Payments can be made up to a portion of the contribution amount, based on a cash flow requirement and on a Risk Assessment of the Recipient. The assessed level of risk will also determine requirements for a holdback provision to be included in the Agreement.
Progress payments will be issued to reimburse the Recipient for expenditures made. They will be based upon receipt and acceptance by the Department of interim financial and non-financial project reports outlining the activities and expenditures to date.
Where advance payments are required for the successful implementation of the project, they will be issued in accordance with the Recipient’s cash flow requirements and the Agreement’s risk profile.
Recipients must meet, and continue to meet, the specific Terms and Conditions of the Contribution Agreement, prior to payments being made.
Provided that the recipient has met the Terms and Conditions of the Contribution Agreement, a final payment will be made only upon receipt and acceptance of a final financial statement covering the duration of the project. When deemed necessary by the Risk Assessment, audited financial reports will be requested for the project.
12.0 Application Process and Requirements
A Call for Proposals (CFP) will be issued up to twice per fiscal year. Each CFP will be posted on the CSCP website for a duration of three weeks and will lay out the specific application requirements, such as the necessary forms and guidelines.
For the Department to consider a project proposal, all applicants will be required to provide the following supporting material:
- A detailed project description, including a description of the proposed activities, the anticipated reach, and expected results (desired outcomes) of the project. These must relate to the objectives and key expected results of the CSCP.
- The amount of funding requested under the CSCP.
- An itemized budget for the entire project, disclosing all revenues from all sources (confirmed and potential). This should include in-kind support, as well as every expenses expected over the life of the project.
- Names, titles and contact information of the persons responsible for managing the project.
- A commitment to provide a report on the results.
Depending on the nature and duration of the project, the following additional supporting material could be requested:
- An implementation plan, including a description of the targeted clientele, the expected outputs and outcomes, the data gathering methodologies and timelines.
- A copy of the beneficiary’s most recent applicable financial statements.
In addition, to prevent the risk of conflict of interest, the recipient must:
- Disclose the involvement of prospective recipients who are subject to the Values and Ethics Code for the Public Service, the Conflict of Interest Act (S.C. 2006, C.9) or the Parliament of Canada Act (R.S., 1985, c. P-1.01).
- When required by the Lobbying Act, register lobbyists under the Lobbying Act (applicants shall provide assurance that, where lobbyists are utilized, they are registered in accordance with the Lobbying Act and that no actual or potential conflict of interest exists nor any contingency fee arrangement).
- Discuss the role of a departmental official, if one is to participate on an advisory committee or board. Such involvement must not be seen to be exercising control on the committee or board, or on the use of the funds.
Unsolicited proposals submitted outside of the official Call for Proposals timeframe could be considered, at the discretion of the CSCP. In such cases, Applicants should consult the CSCP to discuss their project prior to submitting a completed application.
13.0 Review Process and Assessment Criteria
Proposals for consideration under the CSCP will be reviewed against program criteria by the selection committee. The selection committee will be chaired by the Director General, National Cyber Security Directorate (NCSD) or their delegate, and made up of officials from federal departments and agencies responsible for cyber security, appointed to the selection committee by the Department’s Senior Assistant Deputy Minister, National Security.
In reviewing the eligibility of Recipients for grants, NCSD will use the following criteria:
- The recipient must be a not-for-profit organization.
- The resources funding required to deliver on the proposal can be identified and validated during the review process and the expected results can be adequately and most effectively demonstrated through the use of activity/performance reporting.
- The level of risk must be low, as assessed through:
- The total budgetary allocation of the Agreement.
- The ability of the Applicant to develop, implement, manage, monitor, document and evaluate activities within the specified timeframe and budget.
- The Department’s previous experience working with the Applicant, the degree of collaboration and the quality of and success of the project(s).
- The activities outlined in the Agreement and the difficulty associated with achieving the desired objectives.
- Arrangements that exists for the Agreement in terms of the type of partners, the experiences of the Recipients with these partners, and the confirmation from partners.
- The degree to which the Agreement may withstand public scrutiny.
In reviewing and recommending proposals, NCSD will take into consideration, as applicable and appropriate:
- The extent to which the project would directly support and advance the objectives of the relevant stream of the CSCP, as stated in this document.
- The extent to which the outcomes of the project can be leveraged in subsequent work.
- The extent to which it is demonstrated that the proposed project is evidence based and could strengthen Canada’s cyber security.
- The extent to which the project complements the work of the Department or other Government Department’s efforts, including the National Cybercrime Coordination Unit and the Canadian Centre for Cyber Security.
- The amount of funding requested relative to the amount of resources available from the Department in any given year, and whether expenses outlined in the proposal are eligible and reasonable.
- The ability of the applicant to develop, implement, manage, monitor, document and evaluate activities within the specified timeframe and budget.
- The Department’s previous experience in working with the applicant – the applicant’s degree of involvement and collaboration, the quality of the project and its success.
- The project’s potential for portability and for building on the existing knowledge base as related to Canada’s cyber security.
- The type, extent and distribution plans for report(s) or other material produced.
- The ethical implications of the project.
- The level of support for the proposal from relevant communities, provincial/territorial governments, federal departments and agencies, other stakeholders and partners relevant to the project.
- Whether the applicant occupies a credible and strategic position relevant to cyber security for the purpose of the project/initiative.
- Whether the proposal includes a plan for monitoring, regular reporting, evaluation and dissemination.
In reviewing and recommending proposals, NCSD will have evaluation criteria for each call for proposals and category. In addition to the eligibility criteria and priorities identified under each stream, applications will be assessed on their merit, level of risk, and alignment with the program objectives.
14.0 Monitoring and Reporting
Recipients will be required to report on results achieved, to support the CSCP’s performance measurement strategy and departmental reporting. Specific reporting requirements will be included within each Grant Agreement.
A schedule of reporting requirements will be included within each Contribution Agreement.
Recipients are required to provide the Department with reports outlining the activities undertaken in support of their approved project. Reports are to include the results to be achieved with the funding provided under the CSCP, and the methods used. In addition, Recipients will be required to provide detailed financial reports outlining the costs incurred in relation to their approved project, including a final accounting of eligible expenditures.
Based on an assessed level of risk as identified by Recipients and assessed by the Department’s internal review committee, Recipients may be required to provide the Department with an update on progress towards eligible activities, as deemed necessary. This will be used for monitoring and reporting purposes, to determine whether objectives and targets are being (or are likely to be) met.
15.0 Official Languages
The Department will work with Applicants/Recipients in their preferred official language. All material and information related to the program will be made available by the Department in both official languages.
The Recipients’ communication with, and delivery of services or benefits to the public will be made available in both official languages, in accordance with the Official Languages Act and the Treasury Board’s policies and directives on official languages.
16.0 Intellectual Property
If a project produces intellectual property, the Recipient retains copyright of any work produced under the Contribution Agreement. However, in situations where the Department wishes to use the intellectual property produced by a Recipient, additional clauses may be included in the Contribution Agreement or the Department may negotiate a licence with the Recipient.
- Date modified: